The groundbreaking Equifax hack affected 140 million Americans who had personal data including Social Security numbers and birth dates stolen. According to the US Attorney General whose office charged four Chinese military officers for the crime, China’s theft of personal information feeds their development of artificial intelligence (AI) tools as well as the creation of intelligence targeting packages.
The malicious use of machine learning is not confined to state-sponsored hackers and AI-based tools are becoming ever more sophisticated. AI technologies give bad actors new resources for taking personally identifiable information (PII) and using it in nefarious ways. For example, generative adversarial network (GAN) technologies enable neural networks to “train” each other to create fake data and decide if it is convincing. When you overlay that capability on top of legitimate data like a person’s name, Social Security number and bank account number, the fraud possibilities are endless.
So, what can you do to protect your PII when entire industries are built on selling personal data like names, addresses, phone numbers and birth dates? Data resellers and the businesses who feed them continue to operate in the shadows despite heightened attention driven by legislative actions in Vermont and California. CCPA, a sweeping privacy law in California, has a requirement for data brokers to register with the state attorney general and make their contact information available to the public. But like the telemarketers ‘do not call’ registry put in effect in 2005, this approach to more transparency is unlikely to have meaningful impact on safeguarding consumers’ personal information; there is always a workaround. We are already seeing proposed refinements to the CA law that let data resellers slide on giving consumers a “notice at collection” as long and they provide a link to their privacy policy where they must state how to opt out of the sale of personal data. These opt out processes can change on a dime if a data reseller wants and there is no uniformity in practices.
On the personal data supply side, every piece of personal information is worth something to data brokers. You can bet that online businesses are selling your information when you create an account. And in what may seem like the most innocuous circumstance, say when the local coffee shop offers discounts when you sign up for their loyalty program, your name, email address and phone number might become part of a new revenue stream for the shop because data brokers are always eager buyers.
While data resellers make it tremendously difficult to take down personal information, Insite has developed an annual Personal Informational Removal program that tackles ongoing removal requests from over 100 of the top data brokers. It takes a sustained effort of making removal requests from each data reseller and then constant monitoring to ensure personal information is not re-posted for sale, which is all part of the annual program. Click here to request more information about how to enroll.